I posted a thread in regards to which certification path I should take as a newbie. I am aware of OSCP and CEH and have also heard a lot about CREST and TIGERSCHEME, which don't seem to be as well known around the world as they were founded here in the UK.

Please see links to the sites below and let me know what you guys think to them

In the UK most Pen Testing Jobs require that you have CHECK Team Member status or you cannot do any government work. You can become a CHECK member by passing the CHECK Assault Course, be British and eligible for SC or you need to be CREST certified. I understand that there is some interoperability between the two organisations in accepting each other's qualifications. Although it is worth noting that you can do a CREST cert. as an individual whereas you need to be part of a CHECK Team/company for the CHECK cert.

I find the best thing to do is search for Penetration Tester on http://www.Jobserve.com and try and decide which route to take based on what the available jobs are looking for ....

Yeah, from my searches I would probably say CREST, CHECK and CISSP! I just wanted to know if anyone would also advise on TIGERSCHEME, but it doesn't seem to be known at all yet because it is founded in UK and is so new, I guess.

If you become a CREST approved tester, you also receive your Check team leader status at the same time (via CREST). The Check Approved scheme was set up to ensure quality (of both the tester and company) when performing pen tests on government site. However, there was nothing similar for the private sector and Check Team Leader / CHECK Approved became the de facto standard for both private and public sector. This was never the goal of Check approved, and apart from setting some kind of minimum standard for the skill of the pen tester, the other elements of CHECK wouldn't apply to the private sector. So, CREST was born. CREST has been ratified by CHECK so any CREST approved team leader will also become a CHECK team leader. Unless you are a current check team leader or work for a check approved company, it is impossible for you to take CHECK team leader exam. So, the new standard is CREST - CREST approved consultant & CREST approved company.

The CREST exam is both a written exam and a practical exam across their syllabus. For info on the CREST technical syllabus, see :

Thank you, that clarifies a lot for me by confirming that CREST is definitely the direction I want to be going in. I have a friend who has passed the CREST cert and has said it is fairly difficult but the only cert he has done (surprisingly) so is unable to perform any comparison. Have you done the CREST exam and in difficulty could you compare with any other or is it in a league of its own?

Yeah, I agree it sounds sexier, but unfortunately the price is a bit of a turn off in comparison to the OSCP and if you were to do the self study CEH and the fact that it isn't established yet probably won't benefit me at the price to pay at the moment.

Hi T_Bone, nope, I haven't done CREST yet but I am currently studying for it. I will post back here with an update of how it compares.

Yeah, he performed the test last year and didn't really give me much information other than pointing me in the direction of the syllabus on their website. To be honest he is very busy and is never in the country but has agreed to go through it in a bit more detail with me at some point this summer when he returns, so will post a little something then.

I have decided to go in the direction of CREST but won't be doing this for a good while yet.

Good luck with the Offsec course, looks good. I am aiming to do the OSCP next month so I can build a good grounding for the check course as OSCP is very hands-on and technical.

As far as I am aware there is no official course material, you have the syllabus available for free as you know in which you need to understand and master each topic using your own materials. To be honest if you use the syllabus as a guide you can pick up all the information from the internet or existing security books.